The State of the Union Address and the Call for Corporate and Armed Forces Evolution

Mark Harrington

This week’s State of the Union Address was the fourth in a
row in which President Obama highlighted the critical nature of cybersecurity. Until
the most recent onslaught of headlines painted a painful picture of the
consequences of a data breach, all too many of our organizations have been
focused on passing compliance audits and dealing with a broad variety of
threats to long-term business viability. Times have changed, and the headlines
and the tough reality are all crystal clear: the bad guys are strong,
dedicated, and working productively together, and they are in our networks today.

As President Obama said, lawmakers must “finally pass the
legislation we need to better meet the evolving threat of cyber-attacks,” and,
“If we don’t act, we’ll leave our nation and our economy vulnerable.” Recently
proposed legislation would relieve some of the risk of participating in the
information-sharing for which the federal government is asking. Defending our
organizations is becoming increasingly complicated for legal and security
teams, so it’s crucial for such legislation to increase the incentives or
decrease the exposure that companies would experience in being more transparent
and collaborative with government when data breaches occur.

Preparing for a Cyber Pearl Harbor

In his first term in office, the president created a
cabinet-level cyber czar. Now the risk to our country is so severe that there
is a need to go one step further. In addition to the land, sea, and air
divisions of our U.S. armed forces, we should establish a military branch
focused on cyber warfare to consolidate our approach.

Just as our military transformed itself from horseback
riders in World War I to a mechanized and airborne fighting machine in World
War II, so should it undergo further evolution to address the front on
which our national defense is threatened in the modern age. The cyber war is
erupting all around us and, unlike foreign wars that our military has fought in
the past; this one threatens our domestic security and the foundation of our
way of life. The cyber Pearl Harbor hasn’t happened yet, but it will, and we
need to be ready with a robust cyber military branch of our armed forces.

Where Ayn Rand Meets
Rosie the Riveter

In the same spirit in which American women flexed their industrial muscle and
showed up to work the assembly lines of munitions factories in World War II, so
do our corporations need to step up. We should first push for legislation that
protects us from serious reputational damage when reporting on hacks, and then
add steps to our internal security workflows that enable information-sharing
between our own corporations and the government.

Such information-sharing combines good corporate citizenship
and enlightened self-interest in a way that benefits our national security, our economy,
and our shareholders. The most straightforward way for an organization to do
this is to use the NIST
Cybersecurity Framework as a baseline for information-security
preparedness, then add proactive threat-hunting in all the areas inside and
outside your firewalls where intellectual property, credit-card data, and other
sensitive data is stored. EnCase security products can help your security team do that.

Crossing National Lines

Why stop here? Until the United Nations takes up this
charge, we are well served to do it ourselves and collaborate with trusted
partners in commerce and governments around the world. The bad guys cross
borders. The good guys must do the same.

Mark
E. Harrington is Senior Vice President, General Counsel and Corporate Secretary
at Guidance Software and oversees worldwide legal responsibility for the
company.